[Qa-jenkins-scm] [jenkins.debian.net] 05/07: reproducible Debian: Greate GPG key on nodes at deploy time, not "lazily".

Holger Levsen holger at layer-acht.org
Mon Oct 31 21:37:01 UTC 2016


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit fadd6ac719be7514ee0f54a787b36df81fda17df
Author: Chris Lamb <lamby at debian.org>
Date:   Sat Oct 29 11:25:57 2016 +0100

    reproducible Debian: Greate GPG key on nodes at deploy time, not "lazily".
    
    Signed-off-by: Chris Lamb <lamby at debian.org>
    Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
 bin/reproducible_build.sh | 18 ------------------
 update_jdn.sh             | 23 +++++++++++++++++++++++
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index d4d2e58..a377280 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -774,24 +774,6 @@ check_buildinfo() {
 }
 
 sign_buildinfo() {
-	# Greate GPG key if it does not already exist
-	if ! gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1
-	then
-		log_info "Generating GPG key"
-
-		gpg --no-tty --batch --gen-key <<EOF
-Key-Type: RSA
-Key-Length: 4096
-Key-Usage: sign
-Name-Real: $(hostname -f)
-Name-Comment: Automatically generated key for signing .buildinfo files
-Expire-Date: 0
-%no-ask-passphrase
-%no-protection
-%commit
-EOF
-	fi
-
 	log_info "Signing $BUILDINFO as $BUILDINFO_SIGNED"
 	gpg --output=$BUILDINFO_SIGNED --clearsign $BUILDINFO
 	log_info "Signed $BUILDINFO as $BUILDINFO_SIGNED"
diff --git a/update_jdn.sh b/update_jdn.sh
index 20ba061..0eb2249 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -678,6 +678,29 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
 	rm -f $TMPFILE
 fi
 
+# Greate GPG key on nodes if they do not already exist in order to sign .buildinfo files
+if [ "$HOSTNAME" != "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
+
+	if gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1
+	then
+		explain "$(date) Not generating GPG key as one already exists"
+	else
+		explain "$(date) Generating GPG key"
+
+		gpg --no-tty --batch --gen-key <<EOF
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: sign
+Name-Real: $(hostname -a)
+Name-Comment: Automatically generated key for signing .buildinfo files
+Expire-Date: 0
+%no-ask-passphrase
+%no-protection
+%commit
+EOF
+	fi
+fi
+
 #
 # almost finally…
 #
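Review bot: `Name-Real: $(hostname -a)` gives the new key a different user ID from the one the removed code in sign_buildinfo produced with `hostname -f`. `-a` prints host aliases and can be empty, so a node's key may not name the node and a signed .buildinfo becomes harder to attribute to its builder; `Name-Real: $(hostname -f)` keeps the FQDN. The outer test `[ "$HOSTNAME" != "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ]` is equivalent to `[ "$HOSTNAME" != "jenkins" ]`, so either simplify it or add a comment stating which hosts are meant. The key lands in the keyring of whichever account runs update_jdn.sh (not visible in this hunk), and sign_buildinfo no longer creates one as a fallback, so signing will fail if the build jobs run under another account or if `gpg --gen-key` fails here; check its exit status, e.g. `gpg --no-tty --batch --gen-key <<EOF || exit 1`. Since `%no-protection` leaves the secret key unencrypted on disk, it is also worth confirming that the GnuPG home directory is owned by that account and not readable by others.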

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git


